THE GOOD, THE BAD AND THE UGLY â PENETRATION TESTING VS. SOURCE CODE ANALYSIS, with Thomas Ryan. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious user, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. — Recorded at the Open Web Application Security Project (www.OWASP.org) NYC Conference on Sep 25, 2008 â Content produced by www.MediaArchives.com – Many other OWASP Conference videos available on www.OWASP.tv Get Involved Today! —